MPLS/BGP

Unanswered Question

Currently, I have this design:


The DC and the Corporate Office have a dedicated Optiman circuit, and they are also connected via MPLS. Both locations also have Internet connections with ASA firewalls.


HQ and DC are also connected to one small branch via MPLS as well. This location also has Internet with an ASA firewall.


I am not running any routing protocols and currently relying on static routes.  It is getting very difficult to manage because we are growing fast.


I like to introduce OSPF internally and BGP to MPLS so we can redistribute OSPF to BGP for end-to-end reachability.


I need some advice (best practice).


Obviously, between HQ and DC we would prefer Optiman as a first-choice path, followed by MPLS/BGP, followed by Internet IPsec site-to-site.


For the small branch, the first preference will be MPLS/BGP, followed by Internet site-to-site VPN.


From what I know, I will have to call our ISP and ask them to provide an internal AS for us to enable BGP on all our MPLS routers at our three locations.


I am looking for best practices and configuration guidelines, such as how to set up BGP, redistribute OSPF into BGP and configure path preferences. For example, for site-to-site VPN, how to configure BGP as a secondary path, etc.


Any help will be appreciated.


Thanks

Overall Rating: 5 (1 ratings)
JORGE RODRIGUEZ Thu, 12/22/2011 - 12:59

Hi Abbas,



You have several extensive requirements. I suggest you take one at a time, perhaps opening a separate thread for each requirement. You'll get a larger audience to assist you by taking one technology at a time, separately, and eventually putting them together to work.



"I like to introduce OSPF internally and BGP to MPLS so we can redistribute OSPF to BGP for end-to-end reachability"


This implementation I don't want to say is easy, because it all depends on your network, but overall a basic OSPF implementation, coming from a statically routed network to dynamic, should be fairly simple to introduce, provided you have some basic understanding of the workings of OSPF and BGP.


"From what I know, I will have to call our ISP and ask them to provide an internal AS for us to enable BGP on all our MPLS routers at our three locations."


That is right, you should work with your MPLS ISP provider with respect to moving from static routing to BGP, and work with them to gradually move your sites to BGP, get AS numbering, etc. Before BGP is in place, I suggest you should have OSPF already in place in your DC and HQ and properly working in the LAN. Use a standard single area all across between the two sites, DC and HQ, using that Optiman link. You can do the same standard/single OSPF area in all the other smaller branches that are connected to MPLS, but one at a time.


"Obviously, between HQ and DC we would prefer Optiman as a first-choice path, followed by MPLS/BGP, followed by Internet IPsec site-to-site."

Since you have a point-to-point link between DC and HQ, and if you configure both sites as a standard OSPF area all across, that link will be used as the preferred path by OSPF because routes learned from adjacent devices are considered intra-area routes, meaning routes learned within that same area. Consequently, if that point-to-point link were to fail, then routes learned from BGP via MPLS will take effect, as they are treated as external routes.


As for site-to-site VPN, this deserves a different thread, but sure, you can have an L2L VPN as a backup for the Optiman link and MPLS from the DC site to HQ. You can use the Internet link at each site, DC and HQ, for that purpose and implement GRE over IPsec, for example. You can terminate the GRE on one of your internal routers, have the ASA firewalls do the IPsec encryption, and have this link only as a backup for the Optiman and MPLS links.


"I am looking for best practices and configuration guidelines, such as how to set up BGP, redistribute OSPF into BGP and configure path preferences. For example, for site-to-site VPN, how to configure BGP as a secondary path, etc."


Like I said before, first look at your DC and HQ LAN and assess how you will introduce OSPF. Make a list of your routers in each site and come up with peering the devices into forming OSPF adjacencies.


Some OSPF resources

http://www.cisco.com/en/US/partner/tech/tk365/tk480/tsd_technology_support_sub-protocol_home.html

BGP resources

http://www.cisco.com/en/US/partner/tech/tk365/tk80/tsd_technology_support_sub-protocol_home.html



Regards
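
The path order discussed in this thread (Optiman first, then MPLS/BGP, then the Internet VPN), sketched for the HQ edge router only. This is an added example, not configuration posted by anyone in the thread; every AS number, address, interface name and the password string is a constructed placeholder, and Tunnel0 is assumed to be configured separately. It also filters routes in both directions and authenticates the BGP session to the provider.

```cisco
! HQ edge router. Constructed example: AS numbers, addresses and names
! are placeholders; use the values agreed with your MPLS provider.
!
ip prefix-list HQ-LOCAL seq 10 permit 10.1.0.0/16 le 24
ip prefix-list REMOTE-SITES seq 10 permit 10.2.0.0/16 le 24
ip prefix-list REMOTE-SITES seq 20 permit 10.3.0.0/16 le 24
!
! Advertise only HQ's own prefixes into the MPLS cloud, so routes learned
! from the DC over the Optiman link are not re-announced from HQ.
route-map OSPF-TO-BGP permit 10
 match ip address prefix-list HQ-LOCAL
!
! Accept only the DC and branch prefixes from the provider.
route-map FROM-MPLS permit 10
 match ip address prefix-list REMOTE-SITES
!
router ospf 1
 router-id 10.1.255.1
 passive-interface default
 ! Form adjacencies only on the Optiman point-to-point link
 no passive-interface GigabitEthernet0/0
 network 10.1.0.0 0.0.255.255 area 0
 network 10.255.0.0 0.0.0.3 area 0
!
router bgp 65001
 bgp log-neighbor-changes
 neighbor 192.0.2.1 remote-as 64500
 neighbor 192.0.2.1 password REPLACE-WITH-SHARED-SECRET
 neighbor 192.0.2.1 route-map FROM-MPLS in
 neighbor 192.0.2.1 route-map OSPF-TO-BGP out
 redistribute ospf 1 route-map OSPF-TO-BGP
 ! Default eBGP distance is 20, which beats OSPF (110) on this router.
 ! Raise it so the OSPF route over Optiman wins while that link is up.
 distance bgp 150 200 200
!
! Last resort: floating static over the GRE/IPsec tunnel, installed only
! when neither the OSPF nor the BGP route to the DC is present.
ip route 10.2.0.0 255.255.0.0 Tunnel0 250
```

With these distances, `show ip route 10.2.0.0` should show an OSPF route while the Optiman link is up, a BGP route when only MPLS is available, and the static route when both are down.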

Jorge,


Thank you for your wonderful explanation. I will take your suggestions and take one step at a time. The first priority will be to put an IGP such as OSPF in place and make sure that there is end-to-end connectivity. OSPF will be pretty straightforward since we have a dedicated Optiman circuit between the two sites. The only caveat is that the HQ and DC are also connected to one remote location over MPLS and one more small office over the Internet. For now, we will just continue to use static routes for those locations, and once we have BGP in place, the remote location will be migrated over to OSPF as well as redistributed into BGP.


For reachability over the Internet, I think I will go with DMVPN, but I have to check if the Juniper firewall will support this configuration. We have ASAs for all 3 locations, but one small site has a Juniper firewall.


Regards,

JORGE RODRIGUEZ Fri, 12/23/2011 - 06:46

Hi Abbas, you're welcome. Keep us posted on how everything goes.


Regards
